GEN000800 - The system must prohibit the reuse of passwords within five iterations.

Information

If a user, or root, reused the same password continuously, or was allowed to change it back shortly after being forced to change it to something else, a potential intruder would have the opportunity to keep guessing at that one user's password until it was guessed correctly.

Solution

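Use the chsec command to configure the system to prohibit the reuse of passwords within five iterations. The first command sets the value in the default stanza of /etc/security/user; the second sets it for an individual user.
# chsec -f /etc/security/user -s default -a histsize=5
# chuser histsize=5 <user id>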
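
One way to verify the setting afterwards, as an added example that is not part of the original audit item: the script parses a file in the stanza layout of /etc/security/user and lists every stanza whose effective histsize is below 5, including users who inherit a non-compliant default. The function names and the sample stanzas are constructed for illustration.

```shell
# Added example: list stanzas whose effective histsize is below the required 5.
REQUIRED=5

# Constructed sample in the stanza layout of /etc/security/user (not real data).
sample_user_file() {
cat <<'EOF'
* constructed sample; lines starting with * are comments
default:
    histsize = 5

root:
    admin = true

alice:
    histsize = 3

bob:
    histsize = 10
EOF
}

# audit_histsize FILE: print "stanza value" for every stanza below REQUIRED.
# A stanza without its own histsize inherits the default stanza; a missing
# default is treated as 0 (assumption: no history is kept when unset).
audit_histsize() {
    awk -v req="$REQUIRED" '
        /^[ \t]*\*/ || /^[ \t]*$/ { next }       # comment or blank line
        /^[^ \t].*:[ \t]*$/ {                     # stanza header "name:"
            name = $0; sub(/:[ \t]*$/, "", name)
            order[++n] = name; next
        }
        {                                         # attribute line "key = value"
            split($0, kv, "=")
            key = kv[1]; val = kv[2]
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "histsize" && name != "") hist[name] = val
        }
        END {
            def = ("default" in hist) ? hist["default"] : 0
            for (i = 1; i <= n; i++) {
                eff = (order[i] in hist) ? hist[order[i]] : def
                if (eff + 0 < req + 0) print order[i], eff
            }
        }
    ' "$1"
}

sample=$(mktemp)
sample_user_file > "$sample"
audit_histsize "$sample"      # prints: alice 3
rm -f "$sample"
```

On an AIX host, call audit_histsize /etc/security/user from an account with read access to the file; no output means every stanza meets the requirement.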

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(e), CAT|II, CCI|CCI-000200, Rule-ID|SV-38679r1_rule, STIG-ID|GEN000800, Vuln-ID|V-4084

Plugin: Unix

Control ID: 169f674ab0d6dd29e4e3887247768f8398ee5287aa343f5b5d2404031134cc05